Machine analytics help San Diego protect its systems

By Derek Major

Apr 06, 2016

In building out San Diego’s security program, Gary Hayslip, the city’s chief information security officer, wanted to analyze and monitor the city’s machine-generated data to protect its systems. The eighth largest city in the United States, San Diego has more than 40,000 network endpoints and sees an average of more than 4 million attacks per week. The city engaged Splunk to help protect against those attacks with its User Behavior Analytics and Enterprise Security systems.

Splunk’s systems use data science and machine learning to detect, analyze, investigate and respond to threats quickly. The systems also take data from different sources and insert it into one dashboard to make the information accessible across every department, which simplifies identifying patterns, diagnosing problems and providing intelligence. All of this helps Hayslip and San Diego protect 24 different networks and 25 different data sources.

Additionally, Splunk is compatible with the software San Diego already runs. “We have certain firewalls and we have a Cisco system and run on Microsoft programs, so we have Active Directory, and each of these has … apps that can be plugged into Splunk,” Hayslip said. “It basically saves you from having to build a lot of reports that are specific for the type of data you want to look at. With these apps, [that capability is] already built in.”

Splunk is helping San Diego not only protect its data but also apply the data it has to improve city services. With more than 40 municipal departments, information on traffic, public transportation and even garbage collection is routinely being monitored.

Hayslip said that the city has over a petabyte of data going back decades, and through a new open data initiative, the data is not only being viewed by city officials, but it’s also being released to the public.

“Our city network is pretty diverse,” Hayslip said. Data is coming in from connected systems on everything from golf courses to trash trucks, he explained. Other city departments probably never realized that their equipment generated this data, he said, but now “we’re able to collect it and we’re having a lot of discussions about which of these groups of data are really important.”